Option 4: The remote session cache
The remote session cache is used for session storage by all WebSEAL servers in the cluster. When a client fails over, the new WebSEAL server can retrieve the user's session data from the remote session cache and therefore avoid prompting the user to log in again.
Like failover cookies, the remote session cache allows consistent inactivity and lifetime timeout tracking across all of the WebSEAL servers in the cluster. Also, like failover cookies, the remote session cache allows for single-sign on across multiple WebSEAL clusters in the same DNS domain.
The remote session cache reduces the security risk that is posed by the failover cookie, since only a normal session cookie is used.
The remote session cache also provides extra features that are not available with any other method of maintaining session state across server clusters. For example, the remote session cache allows customer support personnel and WebSEAL administrators to view all of the users who are logged in to the cluster at a given time.
The remote session cache also supports a max-concurrent-web-sessions policy that limits the number of concurrent sessions that are allowed per user.
- The proprietary ‘Distributed Session Cache’ server. See Advanced configuration for the distributed session cache.
- The Redis in-memory data structure store. For more information about using a Redis server as the remote session cache server, see Redis Session Cache.